在Linux系统里,/usr/include/linux/if_pppox.h里面有这样一个结构:
1struct pppoe_tag {
2 __u16 tag_type;
3 __u16 tag_len;
4 char tag_data[0];
5} __attribute ((packed));
最后一个成员为可变长的数组,对于TLV(Type-Length-Value)形式的结构,或者其他需要变长度的结构体,用这种方式定义最好。使用起来非常方便,创建时,malloc一段结构体大小加上可变长数据长度的空间给它,可变长部分可按数组的方式访问,释放时,直接把整个结构体free掉就可以了。例子如下:2 __u16 tag_type;
3 __u16 tag_len;
4 char tag_data[0];
5} __attribute ((packed));
1struct pppoe_tag *sample_tag;
2__u16 sample_tag_len = 10;
3sample_tag = (struct pppoe_tag *)malloc(sizeof(struct pppoe_tag)+sizeof(char)*sample_tag_len);
4sample_tag->tag_type = 0xffff;
5sample_tag->tag_len = sample_tag_len;
6sample_tag->tag_data[0]=.
7
释放时,2__u16 sample_tag_len = 10;
3sample_tag = (struct pppoe_tag *)malloc(sizeof(struct pppoe_tag)+sizeof(char)*sample_tag_len);
4sample_tag->tag_type = 0xffff;
5sample_tag->tag_len = sample_tag_len;
6sample_tag->tag_data[0]=.
7
1free(sample_tag)
是否可以用 char *tag_data 代替呢?其实它和 char *tag_data 是有很大的区别,为了说明这个问题,我写了以下的程序:例1:test_size.c
1struct tag1
2{
3 int a;
4 int b;
5}__attribute ((packed));
6
7struct tag2
8{
9 int a;
10 int b;
11 char *c;
12}__attribute ((packed));
13
14struct tag3
15{
16 int a;
17 int b;
18 char c[0];
19}__attribute ((packed));
20
21struct tag4
22{
23 int a;
24 int b;
25 char c[1];
26}__attribute ((packed));
27
28int main()
29{
30 struct tag2 l_tag2;
31 struct tag3 l_tag3;
32 struct tag4 l_tag4;
33
34 memset(&l_tag2,0,sizeof(struct tag2));
35 memset(&l_tag3,0,sizeof(struct tag3));
36 memset(&l_tag4,0,sizeof(struct tag4));
37
38 printf("size of tag1 = %d ",sizeof(struct tag1));
39 printf("size of tag2 = %d ",sizeof(struct tag2));
40 printf("size of tag3 = %d ",sizeof(struct tag3));
41
42 printf("l_tag2 = %p,&l_tag2.c = %p,l_tag2.c = %p ",&l_tag2,&l_tag2.c,l_tag2.c);
43 printf("l_tag3 = %p,l_tag3.c = %p ",&l_tag3,l_tag3.c);
44 printf("l_tag4 = %p,l_tag4.c = %p ",&l_tag4,l_tag4.c);
45 exit(0);
46}
__attribute ((packed)) 是为了强制不进行4字节对齐,这样比较容易说明问题。2{
3 int a;
4 int b;
5}__attribute ((packed));
6
7struct tag2
8{
9 int a;
10 int b;
11 char *c;
12}__attribute ((packed));
13
14struct tag3
15{
16 int a;
17 int b;
18 char c[0];
19}__attribute ((packed));
20
21struct tag4
22{
23 int a;
24 int b;
25 char c[1];
26}__attribute ((packed));
27
28int main()
29{
30 struct tag2 l_tag2;
31 struct tag3 l_tag3;
32 struct tag4 l_tag4;
33
34 memset(&l_tag2,0,sizeof(struct tag2));
35 memset(&l_tag3,0,sizeof(struct tag3));
36 memset(&l_tag4,0,sizeof(struct tag4));
37
38 printf("size of tag1 = %d ",sizeof(struct tag1));
39 printf("size of tag2 = %d ",sizeof(struct tag2));
40 printf("size of tag3 = %d ",sizeof(struct tag3));
41
42 printf("l_tag2 = %p,&l_tag2.c = %p,l_tag2.c = %p ",&l_tag2,&l_tag2.c,l_tag2.c);
43 printf("l_tag3 = %p,l_tag3.c = %p ",&l_tag3,l_tag3.c);
44 printf("l_tag4 = %p,l_tag4.c = %p ",&l_tag4,l_tag4.c);
45 exit(0);
46}
程序的运行结果如下:
size of tag1 = 8
size of tag2 = 12
size of tag3 = 8
size of tag4 = 9
l_tag2 = 0xbffffad0,&l_tag2.c = 0xbffffad8,l_tag2.c = (nil)
l_tag3 = 0xbffffac8,l_tag3.c = 0xbffffad0
l_tag4 = 0xbffffabc,l_tag4.c = 0xbffffac4
从上面程序和运行结果可以看出:tag1本身包括两个32位整数,所以占了8个字节的空间。tag2包括了两个32位的整数,外加一个char *的指针,所以占了12个字节。tag3才是真正看出char c[0]和char *c的区别,char c[0]中的c并不是指针,是一个偏移量,这个偏移量指向的是a、b后面紧接着的空间,所以它其实并不占用任何空间。tag4更加补充说明了这一点。所以,上面的struct pppoe_tag的最后一个成员如果用char
*tag_data定义,除了会占用多4个字节的指针变量外,用起来会比较不方便:方法一,创建时,可以首先为struct pppoe_tag分配一块内存,再为tag_data分配内存,这样在释放时,要首先释放tag_data占用的内存,再释放pppoe_tag占用的内存;方法二,创建时,直接为struct pppoe_tag分配一块struct pppoe_tag大小加上tag_data的内存,从例一的420行可以看出,tag_data的内容要进行初始化,要让tag_data指向 strct pppoe_tag后面的内存。size of tag2 = 12
size of tag3 = 8
size of tag4 = 9
l_tag2 = 0xbffffad0,&l_tag2.c = 0xbffffad8,l_tag2.c = (nil)
l_tag3 = 0xbffffac8,l_tag3.c = 0xbffffad0
l_tag4 = 0xbffffabc,l_tag4.c = 0xbffffac4
1struct pppoe_tag {
2 __u16 tag_type;
3 __u16 tag_len;
4 char *tag_data;
5} __attribute ((packed));
6
7struct pppoe_tag *sample_tag;
8__u16 sample_tag_len = 10;
方法一:2 __u16 tag_type;
3 __u16 tag_len;
4 char *tag_data;
5} __attribute ((packed));
6
7struct pppoe_tag *sample_tag;
8__u16 sample_tag_len = 10;
1sample_tag = (struct pppoe_tag *)malloc(sizeof(struct pppoe_tag));
2sample_tag->tag_len = sample_tag_len;
3sample_tag->tag_data = malloc(sizeof(char)*sample_tag_len);
4sample_tag->tag_data[0]=
释放时:2sample_tag->tag_len = sample_tag_len;
3sample_tag->tag_data = malloc(sizeof(char)*sample_tag_len);
4sample_tag->tag_data[0]=
1free(sample_tag->tag_data);
2free(sample_tag);
方法二:2free(sample_tag);
1sample_tag = (struct pppoe_tag *)malloc(sizeof(struct pppoe_tag)+sizeof(char)*sample_tag_len);
2sample_tag->tag_len = sample_tag_len;
3sample_tag->tag_data = ((char *)sample_tag)+sizeof(struct pppoe_tag);
4sample_tag->tag_data[0]=
释放时:2sample_tag->tag_len = sample_tag_len;
3sample_tag->tag_data = ((char *)sample_tag)+sizeof(struct pppoe_tag);
4sample_tag->tag_data[0]=
1free(sample_tag);
所以无论使用那种方法,都没有char tag_data[0]这样的定义来得方便。
讲了这么多,其实本质上涉及到的是一个C语言里面的数组和指针的区别问题。char a[1]里面的a和char *b的b相同吗?《Programming Abstractions in C》(Roberts, E. S.,机械工业出版社,2004.6)82页里面说:“arr is defined to be identical to &arr[0]”。也就是说,char a[1]里面的a实际是一个常量,等于&a[0]。而char *b是有一个实实在在的指针变量b存在。所以,a=b是不允许的,而b=a是允许的。两种变量都支持下标式的访问,那么对于a[0]和b[0]本质上是否有区别?我们可以通过一个例子来说明。
例二:
10 #include <stdio.h>
20 #include <stdlib.h>
30
40 int main()
50 {
60 char a[10];
70 char *b;
80
90 a[2]=0xfe;
100 b[2]=0xfe;
110 exit(0);
120 }
编译后,用objdump可以看到它的汇编:20 #include <stdlib.h>
30
40 int main()
50 {
60 char a[10];
70 char *b;
80
90 a[2]=0xfe;
100 b[2]=0xfe;
110 exit(0);
120 }
080483f0 <main>:
80483f0: 55 push %ebp
80483f1: 89 e5 mov %esp,%ebp
80483f3: 83 ec 18 sub $0x18,%esp
80483f6: c6 45 f6 fe movb $0xfe,0xfffffff6(%ebp)
80483fa: 8b 45 f0 mov 0xfffffff0(%ebp),%eax
80483fd: 83 c0 02 add $0x2,%eax
8048400: c6 00 fe movb $0xfe,(%eax)
8048403: 83 c4 f4 add $0xfffffff4,%esp
8048406: 6a 00 push $0x0
8048408: e8 f3 fe ff ff call 8048300 <_init+0x68>
804840d: 83 c4 10 add $0x10,%esp
8048410: c9 leave
8048411: c3 ret
8048412: 8d b4 26 00 00 00 00 lea 0x0(%esi,1),%esi
8048419: 8d bc 27 00 00 00 00 lea 0x0(%edi,1),%edi
可以看出,a[2]=0xfe是直接寻址,直接将0xfe写入&a[0]+2的地址,而b[2]=0xfe是间接寻址,先将b的内容(地址)拿出来,加2,再0xfe写入计算出来的地址。所以a[0]和b[0]本质上是不同的。但当数组作为参数时,和指针就没有区别了。80483f0: 55 push %ebp
80483f1: 89 e5 mov %esp,%ebp
80483f3: 83 ec 18 sub $0x18,%esp
80483f6: c6 45 f6 fe movb $0xfe,0xfffffff6(%ebp)
80483fa: 8b 45 f0 mov 0xfffffff0(%ebp),%eax
80483fd: 83 c0 02 add $0x2,%eax
8048400: c6 00 fe movb $0xfe,(%eax)
8048403: 83 c4 f4 add $0xfffffff4,%esp
8048406: 6a 00 push $0x0
8048408: e8 f3 fe ff ff call 8048300 <_init+0x68>
804840d: 83 c4 10 add $0x10,%esp
8048410: c9 leave
8048411: c3 ret
8048412: 8d b4 26 00 00 00 00 lea 0x0(%esi,1),%esi
8048419: 8d bc 27 00 00 00 00 lea 0x0(%edi,1),%edi
int do1(char a[],int len);
int do2(char *a,int len);
int do2(char *a,int len);
这两个函数中的a并无任何区别。都是实实在在存在的指针变量。
顺便再说一下,对于struct pppoe_tag的最后一个成员的定义是char tag_data[0],某些编译器不支持长度为0的数组的定义,在这种情况下,只能将它定义成char tag_data[1],使用方法相同。